IRIS Foundation Limited
Privacy policy
Introduction
We are IRIS Foundation Limited, a company limited by guarantee and incorporated in Hong Kong (“the Foundation”, “we” or “us”).
Your privacy is important to us. We are committed to protecting the privacy, confidentiality and security of the personal data we hold by complying with the requirements under applicable laws and regulations. We are equally committed to ensuring that all our employees, service providers and agents uphold these obligations.
This policy explains how we manage personal data within our organization.
How we collect personal data
We collect personal data about you in the following ways:
  • where you register for an account or to receive emails from us
  • when you order products or services from us
  • when you submit a query or request to us
  • when you respond to a survey that we run or fill in forms on one of our websites
  • by tracking your use of our websites and mobile applications
  • from public sources
  • from examination of public and private blockchains
  • from third parties who are entitled to disclose that information to us
  • when you apply for a job with us
In some cases we may be required by law to collect certain types of personal data about you.
Where we collect personal data from you, we will generally do so ourselves. However, in some cases we may collect personal data from a third party, such as through your representatives, contractors who provide services to us, or third parties who refer you to us because they think you may be interested in our products or services.
Kinds of personal data we collect
The kinds of personal data that we collect and hold about you may include:
  • identifying information, such as your real name, nationality, ID type, ID number and other information required by the laws and regulations
  • contact information, such as your postal address, email address and telephone number personal information
  • social media handles and other social media profile information that you make available to us or to the public
  • financial information, such as credit card, bank account or other payment details
  • blockchain identifiers, such as blockchain addresses and public keys
  • usernames and passwords that you create when registering for an account with us
  • details of any products or services that we provide to you
  • information about how you use the products and services we provide
  • records of our communications with you, including any messages you send us
Without this information, we may not be able to provide you with our products or services (or with all of the features and functionality offered by our products or services) or to respond to queries or requests that you submit to us.
Purposes for which we use personal data
We use personal data that we collect about you for the following purposes:
  • to verify your identity when you are dealing with us
  • to determine your eligibility for any of our products or services
  • to determine your compliance with the terms and conditions that apply to any of our products or services and applicable law
  • to enable us to provide our products and services
  • to improve our website based on your information and feedback
  • to answer your queries and requests
  • to comply with our legal and regulatory obligations
  • to carry out market analysis and research
  • to monitor use of our products and services
  • to assess, maintain, upgrade and improve our products and services
  • to carry out education and training programs for our staff
  • to manage and resolve any legal or commercial complaints or issues
  • to carry out planning and forecasting activities and other internal business processes
  • to keep you informed about our activities, including by sending out newsletters
  • to connect you with our users of our products and services
Direct marketing
We may from time to time use your personal data in order to send you marketing materials about products or services that we think you may be interested in (including in some cases products and services that are provided by a third party). We may not use your personal data unless we have received your consent. You can opt-out of receiving marketing communications from us by contacting us at contact@irisnet.org .
We may use your following personal data for the purpose of direct marketing:
  • identifying information, such as your name and date of birth
  • contact information, such as your postal address, email address and telephone number
  • products and services portfolio information and demographic data held by us from time to time
We may use your personal data to market the following products and/or services to you:
  • purchasing and/or trading digital assets
  • providing, managing or accessing mobile wallets for holding digital assets; and
  • other products or services related to digital assets
If we use your personal data in any direct marketing communications, you have the right to request that we provide you with the source of that personal data. There is no fee for requesting this information.  We will provide you with the source of the personal data, unless it is impracticable or unreasonable to do so.
Please indicate your consent to receiving information relating to the above by contacting us at contact@irisnet.org .
We may also use and disclose your information for other purposes in accordance with your requests or instructions.
People to whom we may disclose personal data
We may share personal data about you with:
  • your representatives, advisers and others you have authorised to interact with us on your behalf
  • our staff who need the information to discharge their duties
  • related entities within our corporate group
  • our business partners, agents and service providersp
  • payment system operators and financial institutions
  • prospective purchasers of all or part of our business or a related entity
  • professional advisers who we engage to provide advice on our business
  • government authorities who ask us to disclose that information, or to other people as required by law
In some cases the people to whom we disclose your personal information may be located overseas. Further, we may have servers located overseas. The jurisdictions in which these people and/or servers are likely to be located include the United States, Japan, and Singapore. There may not be in place data protection laws which are substantially similar to, or serve the same purposes as the applicable data privacy laws in Hong Kong. This means your personal information may not be protected to the same or similar level in Hong Kong.
[We will never sell your personal data to any third party.] [optional clause]
Cookies
[optional clause, to be used if cookies are relevant to your business]
[We use cookies to monitor and observe your use of our websites, compile aggregate data about that use, and provide you with a more effective service (which may include customising parts of our websites based on your preferences and past activities on those websites). "Cookies" are small text files created and stored on your hard drive by your internet browser software, in order to hold relevant information about the web page you are currently viewing. Most internet browsers have a facility that will allow you to disable cookies altogether – please refer to your browser’s help menu to find out how to do this. While you will still be able to browse our websites with cookies disabled on your internet browser, some website functionality may not be available or may not function correctly.]
Storage and security of personal data
We generally store the personal data that we collect in electronic databases, some of which may be held on our behalf by third party data storage providers. Sometimes we also keep hard copy records of this personal data in physical storage facilities. We use a range of physical and technical security processes and procedures to protect the confidentiality and security of the information that we hold, and we update these from time to time to address new and emerging security threats that you become aware of.
[We also take steps to monitor access to and modification of your information by our staff, and ensure that our staff are aware of and properly trained in their obligations for managing your privacy.] [optional clause]
Google Analytics
[optional clause, to be used if Google Analytics are used]
[Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies to help the website analyse how users use our website.
The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.]
Retention of personal data
Your personal data will only be kept as long as required.
We may retain your personal data for a period of at least 12 months. At our discretion, we may retain personal data for longer than the said period if we consider it necessary or desirable to do so to meet our legal or regulatory obligations.
Access and correction
If you want to access any of the personal data that we hold about you or to correct some aspect of it (for example, because you think it is incomplete or incorrect), please contact our privacy compliance team using the contact details set out below. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.
Even if you do not request access to and/or correct your personal data held by us, if we are satisfied that, having regard to the reasons for which we hold your personal data, that personal data is inaccurate, incomplete, out-of-date, irrelevant or misleading, we may take reasonable steps to correct that information.
Your consent
By using our website, providing personal data and/or using any of our products or services, you agree that:
  • you consent to this privacy policy, as updated from time to time; and
  • if you have provided personal data to us relating to any other person, you:
    • have a right to provide that information;
    • have provided a copy of this privacy policy, as updated from time to time, to that person; and
    • each such person has agreed to those terms.
Complaints
We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal data and think we may have breached any applicable privacy laws, or any other relevant obligation, please contact our privacy compliance team using the contact details set out below. We will make a record of your complaint and refer it to our internal complaint resolution department for further investigation. We will deal with the matter as soon as we can, and keep you informed of the progress of our investigation..
Changes to this policy
We may make changes to this policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this policy will always be available on our website.
Contact details
If you want any further information from us on privacy matters, please contact our privacy compliance team at contact@irisnet.org .
Copyright © 2018 IRIS Foundation Ltd. All rights reserved. Privacy & Terms